IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Microsoft EMET Blocking Agent Service from Starting

Microsoft EMET Blocking Agent Service from Starting




When Microsoft EMET is installed the Carbon Black Protection Agent (Bit9 Agent) service fails to start. You receive the error below:


Services fail to start with the error message:

Windows could not start the Bit9 Agent Service on the Local Computer.

Error 1503: The service did not respond to the start or control request in a timely fashion


The cause to this, is forced memory mapping by EMET. Typically this is a security feature, but the Agent does not allow memory injection or allocation, and will fail to load correctly.


Listed below are the steps to configure EMET to allow the service to start. The steps were created using EMET 5.5, so some options may differ from your current version:

  1. Firstly open the EMET GUI
  2. Select "Apps" at the top of the GUI
  3. Check in the listing for Parity.exe if its not listed, continue to the next step. If its already listed skip to step 5.
  4. Add the executable C:\Program Files (x86)\Bit9\Parity Agent\Parity.exe to the list by clicking Add Application and navigating to that directory.
  5. Next to Parity.exe uncheck the checkboxes for EAF, EAF+ and MandatoryASLR
  6. Hit OK after making the changes and attempt to start the Bit9 Agent service.
Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Creation Date: